<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page import ="java.sql.ResultSet,java.sql.Statement,java.sql.SQLException,java.sql.Connection,java.sql.DriverManager,javax.servlet.*,javax.servlet.http.*,java.io.*,java.net.URLEncoder"%>
<%
    String username,passwd;
    username = request.getParameter("username");
    passwd = request.getParameter("password");
    String drivername = "com.mysql.jdbc.Driver";
    String uname = "waqwb";
    String upwd = "qiu55555";
    String dname = "sqlinject";
    String url = "jdbc:mysql://localhost:3306/users";
    Class.forName(drivername).newInstance();
    Connection conn = DriverManager.getConnection(url,uname,upwd);
    Statement stmt = conn.createStatement();
    ResultSet rs = stmt.executeQuery("'select * from users where username='+ username+'and passwd='+passwd");
    if(rs.next()){
        out.print("<center><h3>登陆成功</h3></center>")；
    } else {
        out.print("<center><h3>登陆失败</h3></center>");
    }
    stmt.close();
    conn.close();
%>